A security firm hacked malware operators, locking them out of their own C&C servers – TechSpot

This’ll put a smile on your face: We love hearing stories of bad actors getting their comeuppance. This one is great, though, because not only did a bunch of hacker wannabes get served (literally), several of them infected themselves with malware due to misconfiguring their own equipment.
Cybersecurity startup Buguard has been hard at work hacking hackers. Using an exploit it found, it has disrupted malware and ransomware servers, locking out their operators. TechCrunch notes that the firm has effectively taken five command-and-control (C&C) servers offline, four of which have gone entirely dark.
The counterattacks were made possible after the source code of a malware called Mars Stealer leaked online. Mars Stealer is a malware-as-a-service platform where hackers can rent server time to conduct attacks. Once the source code leaked, hackers started setting up servers independently rather than paying.
Before Buguard even got ahold of the code, inept hackers were already doing a decent job borking their servers on their own because of faulty installation instructions leaked with the code.
Victim logs and stolen data were left wide open to the internet. According to Morphisec, wannabe malware operators following the flawed instructions wound up configuring their C&C servers to inadvertently grant “full access (777)” to the world. In some instances, the would-be hackers’ ineptitude left “critical assets” exposed.
Then Buguard came along, looked at the Mars Stealer source code, and found a vulnerability. The researchers developed an exploit for the flaw that allowed them to break into the C&C servers, including ones that operators configured correctly, and take them over.
Once in the system, Buguard deleted the victim logs and stolen data and severed the infected computers’ connection to the C&C server. To add insult to injury, the researchers scrambled the Mars Stealer’s dashboard passwords so that the operators were locked out of their systems. The counterstrikes effectively put five servers out of commission since operators had to start over entirely from scratch reconfiguring their servers and reinfecting their victims. Of the five C&C systems Buguard took down, only one came back online.
While it is great to hear about hackers getting a taste of their own medicine, what Buguard did was not entirely legal, shifting its white hat to gray. Technically, it is illegal to break into any computer system, regardless of its use, unless you are in law enforcement and have a warrant. The general rule of thumb in security research is to look, document, and report, but do not touch.
However, Buguard plans to involve authorities and help them take down more servers. In the meantime, it is not publishing any details of the vulnerability, which also exists in a similar malware called “Erbium,” so the black hats don’t know what to patch.
© 2022 TechSpot, Inc. All Rights Reserved.